Preventing GitHub Actions from triggering on specific branches #1589
Unanswered
KarimReda-CS
asked this question in
Q&A
Replies: 0 comments
So I have been working with GitHub Actions for some time and I found a very interesting security concern. Let's assume I am working in a company where only employees in the company have access to the repositories. Is there a feature that disallows GitHub Actions from being triggered on repositories other than the master one?
Because from where I stand, if there is no such feature, a junior developer can create a draft branch (which normally senior developers don't look into), create a GitHub Action that triggers on push on that branch, and then do whatever he wants with this GA, even things such as viewing the secrets, etc.